Protection against computer viruses

At the HZDR, Sophos Antivirus is widely used as the anti-virus program on computer workstations and servers. In addition, data traffic passing through the firewall and mail on the email servers are checked for viruses.

This results in some restrictions:

  • the use of Sophos Antivirus as an anti-virus program is mandatory
  • the installation is performed exclusively by the administrator
  • the configuration is carried out exclusively by the administrator
  • the configuration of the antivirus program may vary depending on the institute or purpose of use

Installation

Prerequisites:

Sophos Antivirus is available and licensed for the following operating systems:

  • MS Windows 7, Windows 8, Windows 10, Server 2012, Server 2016, Server 2019
  • Linux
  • macOS

No other antivirus programs should be present on the computer; any that are must be uninstalled.

The installation for Windows clients is performed from a central installation directory.

  • Windows operating systems: the installation is carried out by the administrator. To install, run the file sophosinstall.exe from the software drive in 'Sophos\Client installation\Windows'. The rest of the installation is done automatically.
  • UNIX: To install, copy the SophosSetup.sh file from the software drive under "Sophos\Sophos_Central\Linux\" to the relevant computer. Superuser rights are required for installation. The configuration of updates and policies is done automatically.
  • macOS: To install, copy the SophosInstall.zip file from the software drive under "Sophos\Sophos_Central\Mac\" to the relevant computer. Administrator rights are required for installation. The configuration of updates and policies is done automatically.

Notification and Repair

If a virus is found, the following actions should be taken:

  • Notification of a central office (IT Security Officer R. Gorek, FWC)
  • Repair attempt: A repair is attempted either through the Sophos anti-virus program or manually. Please note that files may be corrupted after a repair attempt, i.e. it may no longer be possible to run or open them.

Logging

Logging all viruses found, together with their path of infection, is extremely important for analysis and tracing (and thus for the detection of security holes). Only with this information is it possible to protect you and your communication partners effectively against viruses.

Sophos Antivirus can report and log in five different ways (simultaneously):

  • Desktop notification: The user receives a message box.
  • Local log file: An entry is made in the local Sophos log file.
  • Reporting to the central management console: The computer is displayed as infected in the central management console (viewed by the administrator).
  • Log file on the management server: An entry about the infection is stored in the central log on the server.
  • SMTP: The virus message is sent by e-mail (to r.gorek@hzdr.de).